From: Jouni Malinen
Date: Sun, 9 Mar 2008 10:04:10 +0000 (+0200)
Subject: TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
X-Git-Tag: hostap_0_6_4~118
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=35f39ac4c9a30b4adb8d0387c289d0ba8ab0d21f;p=thirdparty%2Fhostap.git
TNC: Fixed TNC when using EAP-TTLS with non-EAP Phase 2
Need to process EAP AVP after the non-EAP Phase 2 method. In addition, EAP-TTLS/MSCHAPv2 needs special code for handling the starting of TNC after extra roundtrip of MSCHAPv2 success message.
---
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index a3ded89ac..39a9f0a35 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -991,7 +991,7 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
 }
 }
- switch (data->phase2_type) {
+ switch (phase2_type) {
 case EAP_TTLS_PHASE2_EAP:
 res = eap_ttls_phase2_request_eap(sm, data, ret, hdr, resp);
 break;
@@ -1334,6 +1334,15 @@ static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
 }
 if (parse->mschapv2 == NULL) {
+#ifdef EAP_TNC
+ if (data->phase2_success && parse->eapdata) {
+ /*
+ * Allow EAP-TNC to be started after successfully
+ * completed MSCHAPV2.
+ */
+ return 1;
+ }
+#endif /* EAP_TNC */
 wpa_printf(MSG_WARNING, "EAP-TTLS: no MS-CHAP2-Success AVP " "received for Phase2 MSCHAPV2");
 return -1;
@@ -1435,9 +1444,7 @@ static int eap_ttls_process_decrypted(struct eap_sm *sm,
 case EAP_TTLS_PHASE2_MSCHAPV2:
 res = eap_ttls_process_phase2_mschapv2(sm, data, ret, parse);
 #ifdef EAP_TNC
- if (res == 1 && parse->eapdata &&
- ret->methodState == METHOD_DONE &&
- ret->decision == DECISION_UNCOND_SUCC) {
+ if (res == 1 && parse->eapdata && data->phase2_success) {
 /*
 * TNC may be required as the next
 * authentication method within the tunnel.
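Review bot: The switch in eap_ttls_phase2_request now dispatches on the local `phase2_type`, but nothing at the switch says why it may differ from `data->phase2_type`, which is the distinction this fix depends on. The local is assigned outside the hunk, presumably overridden so that an EAP AVP is handled after a non-EAP Phase 2 method, as the commit message describes. A short comment above the switch would keep a later cleanup from reverting it, e.g. `/* Use the effective type: may be forced to EAP (TNC) after a non-EAP Phase 2 */`.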
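Review bot: The new early `return 1` in eap_ttls_process_phase2_mschapv2 accepts a tunneled message that carries no MS-CHAP2-Success AVP, so its safety rests entirely on `data->phase2_success` being set only after the server's MSCHAPv2 authenticator response has been verified. That assignment is outside this hunk and should be confirmed; the relaxed condition `res == 1 && parse->eapdata && data->phase2_success` in eap_ttls_process_decrypted (last hunk) depends on the same invariant, since it no longer checks `ret->methodState` or `ret->decision`. I would state the invariant in the new comment, e.g. `* phase2_success is set only after the authenticator response was verified.`, and add `wpa_printf(MSG_DEBUG, "EAP-TTLS: no MS-CHAP2-Success AVP; Phase 2 already completed, continuing with EAP AVP");` before the return so this path is visible in logs. The function body starts and ends outside the hunk.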